Academic Year 2020-21 ISE – Information Science & Engineering M.Tech in Cyber Forensics and Information Security I and II Semesters Scheme and Syllabus


CONTENTS

1. Vision, Mission and Program Educational Objectives (PEO)
2. Program Outcomes (PO) with Graduate Attributes
3. Mapping of POs with PEOs

SCHEME

4. Scheme of First Semester M. Tech
5. Scheme of Second Semester M. Tech
6. Scheme of Third Semester M. Tech
7. Scheme of Fourth Semester M. Tech

SYLLABUS

8. Syllabus of First Semester M.Tech:
a) Ethical Hacking
b) Number Theory and Cryptology
c) Information Security and Computer Networking
d) Cyber Crime and Cyber Forensics
e) Research Methodology
f) Access control and Identity Management System
g) Cloud Security
h) Advanced Cryptography
i) Application and Web Security
j) Ethical Hacking lab
k) Number Theory and Cryptology lab
l) Mini Project

9. Syllabus of Second Semester M.Tech:
a) Preserving and Recovering Digital Evidence
b) Operating System Security
c) Secured Programming
d) Cyber Laws and Ethics
e) Biometric Security
f) Trust Management in E-Commerce
g) Information Security Policies in Industry
h) Database Security
i) Seminar
j) Mini Project

Appendix A Outcome Based Education
Appendix B Graduate Parameters as defined by National Board of Accreditation
Appendix C Bloom’s Taxonomy


VISION

To evolve as a centre of academic excellence and advanced research in information science and engineering discipline and to endeavour the computational competence of students for their dream career achievement and enhancing the managerial and technical skills.

MISSION

To inculcate students with profound understanding of fundamentals related to discipline, attitudes, skills and their application in solving real world problems, with an inclination towards societal issues and research.

Program Education objectives (PEOs)

PEO1: To excel in their professional career with expertise in providing solutions to Information Technology problems.

PEO2: To pursue higher studies with profound knowledge enriched with academia and industrial skill sets.

PEO3: To exhibit adaptive and agile skills in the core area of Information Science & Engineering to meet the technical and managerial challenges.

PEO4: To demonstrate interpersonal skills, professional ethics to work in a team to make a positive impact on society.

PEO to Mission Statement Mapping

Mission Statements | PEO1 | PEO2 | PEO3 | PEO4
To prepare the students with academic and industry exposure by empowering and equipping them with necessary domain knowledge. | 3 | 2 | 2 | 2
To prepare the students for global career in information technology with relevant technical and soft skills. | 3 | 2 | 2 | 2
To encourage students to participate in co-curricular and extracurricular activities leading to the enhancement of their social and professional skills. | 2 | 2 | 3 | 3

Correlation: 3- High, 2-Medium, 1-Low


Program Specific Outcomes (PSO’s)

PSO1: The ability to understand, analyze and develop computer programs in the areas related to algorithms, system software, multimedia, web design, big data analytics and networking or efficient design of computer based systems of varying complexity.

PSO2: The ability to apply standard practices and strategies in software project development using innovative ideas and open ended programming environment with skills in teams and professional ethics to deliver a quality product for business success.

Program Outcomes (PO) with Graduate Attributes

Graduate Attributes | Program Outcomes (POs)
1 Engineering Knowledge | PO1: The basic knowledge of Mathematics, Science and Engineering.
2 Problem analysis | PO2: An Ability to analyse, formulate and solve engineering problems.
3 Design and Development of Solutions | PO3: An Ability to design system, component or product and develop interfaces among subsystems of computing.
4 Investigation of Problem | PO4: An Ability to identify, formulate and analyze complex engineering problem and research literature through core subjects of Computer Science.
5 Modern Tool usage | PO5: An Ability to use modern engineering tools and equipments for computing practice.
6 Engineer and society | PO6: An Ability to assess societal, health, cultural, safety and legal issues in context of professional practice in Computer Science & Engineering.
7 Environment and sustainability | PO7: The broad education to understand the impact of engineering solution in a global, economic, environmental and societal context.
8 Ethics | PO8: An understanding of professional and ethical responsibility.
9 Individual & team work | PO9: An Ability to work both as individual and team player in achieving a common goal.
10 Communication | PO10: To communicate effectively both in written and oral formats with wide range of audiences.
11 Lifelong learning | PO11: Knowledge of contemporary issues, Management and Finance.
12 Project management and finance | PO12: An Ability to recognize the need and thereby to engage in independent and life-long learning for continued professional and career advancement.


Mapping of POs with PEOs

PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12

PEO1 3 3 3 2 3 - - 2 3 1 3 1

PEO2 3 3 3 2 3 - - 2 3 1 3 1

PEO3 3 3 3 2 3 - - 2 3 1 3 1

PEO4 3 3 3 2 3 - - 2 3 1 3 1

Correlation: 3- High, 2-Medium, 1-Low


New Horizon College of Engineering

Department of Information Science and Engineering

First Semester M. Tech Program–Scheme AY: 2019-20

Sl. No | Course Code | Course | BOS | Credit Distribution: L | T | P | Overall Credits | Contact Hours | Marks: CIE | SEE | TOTAL
1 | 19SFC11 | Ethical Hacking | ISE | 3 | 0 | 0 | 3 | 3 | 50 | 50 | 100
2 | 19SFC12 | Number Theory and Cryptology | ISE | 3 | 0 | 0 | 3 | 3 | 50 | 50 | 100
3 | 19SFC13 | Information Security and Computer Networking | ISE | 3 | 0 | 0 | 3 | 3 | 50 | 50 | 100
4 | 19SFC14 | Cyber Crime and Cyber Forensics | ISE | 3 | 0 | 0 | 3 | 3 | 50 | 50 | 100
5 | 19SFC15 | Research Methodology | ISE | 2 | 0 | 0 | 2 | 2 | 25 | 25 | 50
6 | 19SFC16X | Professional Elective-1 | ISE | 4 | 0 | 0 | 4 | 4 | 50 | 50 | 100
7 | 19SFCL17 | Ethical Hacking lab | ISE | 0 | 0 | 2 | 2 | 4 | 25 | 25 | 50
8 | 19SFCL18 | Number Theory and Cryptology lab | ISE | 0 | 0 | 2 | 2 | 4 | 25 | 25 | 50
9 | 19SFC19 | Mini Project | ISE | - | - | - | 3 | 0 | 50 | 50 | 100
TOTAL | | | | | | | 25 | 26 | 375 | 375 | 750

Professional Elective – 1

Course Code Course Name

19SFC161 Access control and Identity Management System

19SFC162 Cloud Security

19SFC163 Advanced Cryptography

19SFC164 Application and Web Security


New Horizon College of Engineering

Department of Information Science and Engineering

Second Semester M. Tech Program-Scheme AY: 2019-20

Sl.No | Course Code | Course | BOS | Credit Distribution: L | T | P | Overall Credits | Contact Hours | Marks: CIE | SEE | TOTAL
1 | 19SFC21 | Preserving and Recovering Digital Evidence | ISE | 4 | 0 | 0 | 4 | 4 | 50 | 50 | 100
2 | 19SFC22 | Operating System Security | ISE | 4 | 0 | 0 | 4 | 4 | 50 | 50 | 100
3 | 19SFC23 | Secured Programming | ISE | 4 | 0 | 0 | 4 | 4 | 50 | 50 | 100
4 | 19SFC24 | Cyber Laws and Ethics | ISE | 4 | 0 | 0 | 4 | 4 | 50 | 50 | 100
5 | 19SFC25X | Professional Elective-2 | ISE | 4 | 0 | 0 | 4 | 4 | 50 | 50 | 100
6 | 19SFC26 | Technical Seminar | ISE | - | - | - | 2 | 0 | 25 | 25 | 50
6 | 19SFC27 | Mini Project | ISE | - | - | - | 3 | 0 | 50 | 50 | 100
TOTAL | | | | | | | 25 | 20 | 325 | 325 | 650

Professional Elective – 2

Course Code Course Name

19SFC251 Biometric Security

19SFC252 Trust Management in E-Commerce

19SFC253 Information Security Policies in Industry

19SFC254 Database Security


FIRST SEMESTER

(SYLLABUS)


ETHICAL HACKING

Course Code :19SFC11 Credits : 03

L:T:P :3:0:0 CIE Marks : 50

Exam Hours : 03 SEE Marks : 50

Course Outcomes: At the end of the Course, the Student will be able to do the following:

CO1 Learn aspects of security, importance of data gathering, foot printing and system hacking.

CO2 Summarize tools and techniques to carry out a penetration testing.

CO3 Interpretation of intruders escalating privileges.

CO4 Describe Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation.

CO5 Compare different types of hacking tools.

CO6 Apply the techniques for real world problems in the domain

Mapping of Course Outcomes to Program Outcomes:

CO/PO PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12

CO1 3 3 3 2 2 3 - 3 1 1 2 2

CO2 3 3 3 2 2 3 - 3 1 1 2 2

CO3 3 3 3 2 2 3 - 3 1 1 2 2

CO4 3 3 3 2 2 3 - 3 1 1 2 2

CO5 3 3 3 2 2 3 - 3 1 1 2 2

CO6 3 3 3 2 2 3 3 1 1 2 2

Mapping of Course Outcomes to Program Outcomes:

CO/PSO PSO1 PSO2

CO1 3 2

CO2 3 2

CO3 3 2

CO4 3 2

CO5 3 2

CO6 3 2

Module No. | Module Contents | Hours | CO’s
1 | Casing the Establishment: What is foot printing, Internet Foot printing, Scanning, Enumeration, basic banner grabbing, Enumerating Common Network services. Case study: Network Security Monitoring. | 9 | CO1
2 | Securing permission: Securing file and folder permission, Using the encrypting file system, Securing registry permissions. Securing service: Managing service permission, Default services in windows 2000 and windows XP. Unix: The Quest for Root, Remote Access vs Local access, Remote access, Local access, After hacking root. | 9 | CO2
3 | Dial-up, PBX, Voicemail and VPN hacking, Preparing to dial up, War-Dialing, Brute-Force Scripting PBX hacking, Voice mail hacking, VPN hacking, Network Devices: Discovery Autonomous System Lookup, Public Newsgroups, Service Detection, Network Vulnerability, Detecting Layer 2 Media. | 9 | CO3
4 | Wireless Hacking: Wireless Foot printing, Wireless Scanning and Enumeration, Gaining Access, Tools that exploiting WEP Weakness, Denial of Services Attacks, Firewalls: Firewalls landscape, Firewall Identification-Scanning Through firewalls, packet Filtering, Application Proxy Vulnerabilities, Denial of Service Attacks, Motivation of Dos Attackers, Types of DoS attacks, Generic Dos Attacks, UNIX and Windows DoS. | 9 | CO4
5 | Remote Control Insecurities, Discovering Remote Control Software, Connection, Weakness. VNC, Microsoft Terminal Server and Citrix ICA, Advanced Techniques Session Hijacking, Back Doors, Trojans, Cryptography, Subverting the systems Environment, Social Engineering, Web Hacking, Web server hacking web application hacking, Hacking the internet Use, Malicious Mobile code, SSL fraud, E-mail Hacking, IRC hacking, Global countermeasures to Internet User Hacking. | 9 | CO5, CO6

TEXT BOOKS:

1. Stuart McClure, Joel Scambray and George Kurtz, Hacking Exposed 7: Network Security Secrets & Solutions, Tata McGraw Hill Publishers, 2010.

2. Ben Smith and Brian Komar, Microsoft Windows Security Resource Kit, Prentice Hall of India, 2010.

REFERENCE BOOKS:

1. Stuart McClure, Joel Scambray and George Kurtz, “Hacking Exposed Network Security Secrets & Solutions”, 5th Edition, Tata McGraw Hill Publishers, 2010.

2. Rafay Baloch, “A Beginners Guide to Ethical Hacking”.

3. Allen Harper, Shon Harris, Jonathan Ness, Chris Eagle, “Gray Hat Hacking The Ethical Hackers Handbook”, 3rd Edition, McGraw-Hill Osborne Media paperback (January 27, 2011)


Assessment Pattern:

CIE- Continuous Internal Evaluation (50 Marks).

Bloom’s Category | Tests (25 Marks) | Assignments (15 Marks) | Quizzes (10 Marks)
Remember | 5 | - | -
Understand | 5 | 5 | -
Apply | 5 | 5 | 10
Analyze | 5 | 5 | -
Evaluate | 5 | - | -
Create | - | - | -

SEE- Semester End Examination (50 Marks).

Bloom’s Category | Questions (50 Marks)
Remember | 10
Understand | 10
Apply | 10
Analyze | 10
Evaluate | 10
Create | -

NUMBER THEORY AND CRYPTOLOGY

Course Code :19SFC12 Credits : 03

L:T:P:3:0:0 CIE Marks :50

Exam Hours : 3 SEE marks :50

Course Outcomes: At the end of the Course, the Student will be able to:

CO1 Understand the significance of cryptography to the modern world and the internet.

CO2 Understand the rationale behind block cipher design.

CO3 Perform the cryptanalysis of a simple block cipher.

CO4 Integrate cryptographic algorithms into software projects.

CO5 Solve elementary problems in number theory relating to cryptography.

CO6 Build on number theoretic basics to further their knowledge of advanced methods of cryptography


Mapping of Course Outcomes to Program Outcomes

CO/PO PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12

CO1 3 3 3 2 - 1 2 1 3 2 1 2

CO2 3 3 3 2 - 1 2 1 3 2 1 2

CO3 3 3 3 2 - 1 2 1 3 2 1 2

CO4 3 3 3 2 - 1 2 1 3 2 1 2

CO5 3 3 3 2 - 1 2 1 3 2 1 2

CO6 3 3 3 2 - 1 2 1 3 2 1 2

Mapping of Course Outcomes to Program Specific Outcomes (PSOs):

CO/PSO PSO1 PSO2

CO1 3 2

CO2 3 2

CO3 3 2

CO4 3 2

CO5 3 2

CO6 3 2

Module No | Module Contents | Hours | CO’s
1 | Methods Elementary Number Theory: Finite fields, Modular arithmetic, Efficient algorithms for modular arithmetic, Fermat's little theorem, Euler's criteria, Euler's totient function | 9 | CO1
2 | Advanced Number Theory: Primality testing, prime factorization, The Chinese remainder theorem, Quadratic residues and calculating modular square roots and cube roots, The Jacobi symbol | 9 | CO2
3 | Basic Cryptography Concepts- Basic Cryptography Concepts: Symmetric Encryption Algorithms, Purpose of Cryptography, Data Encryption Standard (DES), Triple DES, Advanced Encryption Standard (AES). Classical methods: Caesar cipher, Vigenere cipher, The one-time pad, Mechanical rotor systems | 9 | CO3
4 | Modern ciphers: Block ciphers and their applications, Structure of a block cipher, The Feistel structure, Key and block size length, The Data Encryption Standard (DES), The Advanced Encryption Standard (AES) | 9 | CO4
5 | Hash Functions: One-way hash functions and their applications, SHA-1 and its successors. Cryptanalysis: Linear cryptanalysis, Differential cryptanalysis, Meet-in-the-middle attacks. Key Distribution: The key distribution problem, The Diffie-Hellman method, RSA and related methods | 9 | CO5, CO6

TEXT BOOKS:

1. A Course in Number Theory and Cryptography, Neal Koblitz, (Springer 2006)

2. An Introduction to Mathematical Cryptography, Jill Pipher, Jeffrey Hoffstein, Joseph H. Silverman (Springer, 2008)

3. An Introduction to theory of numbers, Niven, Zuckerman and Montgomery, (Wiley 2006)

4. Elliptic curves: number theory and cryptography, Lawrence C. Washington, (Chapman & Hall/CRC 2003)

REFERENCE BOOKS:

1. An Introduction to Cryptography, R.A. Mollin (Chapman & Hall, 2001)

2. Rational Points on Elliptic Curves, Silverman and Tate (Springer 2005)

3. Guide to elliptic curve cryptography, Hankerson, Menezes, Vanstone (Springer, 2004)

4. Elementary Number Theory, Jones and Jones (Springer, 1998)

CIE- Continuous Internal Evaluation: Theory (50 Marks)

Bloom’s Category (Marks out of 50) | Tests (25 Marks) | Assignments (15 Marks) | Quizzes (15 Marks)
Remember | 5 | - | -
Understand | 5 | - | -
Apply | 10 | 10 | 5
Analyze | 5 | 5 | 5
Evaluate | 5 | - | -
Create | - | - | -

SEE- Semester End Examination: Theory (50 Marks)

Bloom’s Category | Marks (out of 50)
Remember | 10
Understand | 10
Apply | 20
Analyze | 5
Evaluate | 5
Create | -


INFORMATION SECURITY AND COMPUTER NETWORKING

Course Code : 19SFC13 Credits : 03

L:T:P : 3:0:0 CIE Marks : 50

Exam Hours : 3 SEE Marks : 50

Course Outcomes: At the end of the Course, the Student will be able to:

CO1 Understand the fundamentals of Cryptography.

CO2 Acquire knowledge on cryptographic tools used to provide confidentiality, integrity and authenticity.

CO3 Differentiate the various user authentication methods, access control schemes and authentication applications.

CO4 Acquire the knowledge on IP Security tools.

CO5 Acquire the knowledge about malicious software.

CO6 Apply Information security to real world cases

Mapping of Course Outcomes to Program Outcomes:

CO/PO PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12

CO1 3 3 3 2 1 2 1 2 2 1 2 2

CO2 3 3 3 2 1 2 1 2 2 1 2 2

CO3 3 3 3 2 1 2 1 2 2 1 2 2

CO4 3 3 3 2 1 2 1 2 2 1 2 2

CO5 3 3 3 2 1 2 1 2 2 1 2 2

CO6 3 3 3 2 1 2 1 2 2 1 2 2

Mapping of Course Outcomes to Program Outcomes:

CO/PSO PSO1 PSO2

CO1 3 2

CO2 3 2

CO3 3 2

CO4 3 2

CO5 3 2

CO6 3 2


Module No. | Module Contents | Hours | CO’s
1 | Overview: Computer Security Concepts, Requirements, Architecture, Trends, Strategy Perimeter Security: Firewalls, Intrusion Detection, Intrusion Prevention systems, Honeypots Case Study: Readings, Intrusion and intrusion detection by John McHugh. | 9 | CO1
2 | User Authentication: Password, Password-based, token based, Biometric, Remote User authentication. Access Control: Principles, Access Rights, Discretionary Access Control, Unix File Access Control, Role Based Access Control Internet Authentication Applications: Kerberos, X.509, PKI, Federated Identity Management. | 9 | CO2, CO3
3 | Cryptographic Tools: Confidentiality with symmetric encryption, Message Authentication & Hash Functions, Digital Signatures, Random Numbers. Symmetric Encryption and Message Confidentiality: DES, AES, Stream Ciphers, Cipher Block Modes of Operation, Key Distribution. | 9 | CO3, CO4
4 | Internet Security Protocols: SSL, TLS, IPSEC, S/MIME. Public Key Cryptography and Message Authentication: Secure Hash Functions, HMAC, RSA, Diffie Hellman Algorithms Case Study: Readings, Programming Satan's Computer Ross Anderson and Roger Needham. | 9 | CO5
5 | Malicious Software: Types of Malware, Viruses & Counter Measures, Worms, Bots, Rootkits Software Security: Buffer Overflows, Stack overflows, Defense, Other overflow attacks Case Study. | 9 | CO6

TEXT BOOKS:

1. Computer Security: Principles and Practice, William Stallings & Lawrie Brown, 2008, Indian Edition 2010, Pearson.

REFERENCE BOOKS:

1. Readings: Smashing The Stack For Fun And Profit, Aleph One http://www.phrack.com/issues.html?issue=49&id=14#article

2. Chuck Easttom, “Computer Security Fundamentals”, Pearson, 2012.


CIE - Continuous Internal Evaluation (50 Marks)

Bloom’s Category | Tests (25 Marks) | Assignments (15 Marks) | Quizzes (10 Marks)
Remember | - | - | -
Understand | 5 | 5 | 5
Apply | 5 | 5 | 5
Analyze | 5 | - | -
Evaluate | 5 | 5 | -
Create | 5 | - | -

SEE – Semester End Examination (50 Marks)

Bloom’s Taxonomy Marks

Remember 10

Understand 10

Apply 10

Analyze 10

Evaluate 5

Create 5

CYBER CRIME AND CYBER FORENSICS

Course Code : 19SFC14 Credits : 03

L: T: P : 3:0:0 CIE Marks : 50

Exam Hours : 3 SEE Marks : 50

Course Outcomes: At the end of the Course, the Student will be able to:

CO1 Understand the fundamentals of Cyber Crime

CO2 Analyze the nature and effect of cybercrime in society.

CO3 Demonstrate Accounting Forensics.

CO4 Analyze Computer Crime and Criminals and Liturgical Procedures.

CO5 Apply the laws and regulations to the applications

CO6 Analyze the email tracking cyber applications

Mapping of Course Outcomes to Program Outcomes:

CO/PO PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12

CO1 3 2 - 1 2 - - - - - - 1

CO2 3 1 2 1 - - - - - - - 2

CO3 2 3 2 2 1 1 - - - - 1 3

CO4 3 3 3 1 1 - - - - - - 3

CO5 3 1 2 1 2 - 1 - - - - 3

CO6 3 3 2 3 1 - - 1 - - 2 3


Mapping of Course Outcomes to Program Outcomes:

CO/PSO PSO1 PSO2

CO1 3 2

CO2 3 2

CO3 3 2

CO4 3 2

CO5 3 2

CO6 3 2

Module No. | Module Contents | Hours | CO’s
1 | Introduction and Overview of Cyber Crime, Nature and Scope of Cyber Crime, Types of Cyber Crime, Social Engineering, Categories of Cyber Crime, Property Cyber Crime. | 9 | CO1, CO2
2 | Unauthorized Access to Computers, Computer Intrusions, White collar Crimes, Viruses and Malicious Code, Internet Hacking and Cracking, Virus Attacks, Pornography, Software Piracy, Intellectual Property, Mail Bombs, Exploitation, Stalking and Obscenity in Internet, Digital laws and legislation, Law Enforcement Roles and Responses. | 9 | CO6
3 | Introduction to Digital Forensics, Forensic Software and Hardware, Analysis and Advanced Tools, Forensic Technology and Practices, Forensic Ballistics and Photography, Face, Iris and Fingerprint Recognition, Audio Video Analysis, Windows System Forensics, Linux System Forensics, Network Forensics. | 9 | CO4
4 | Introduction to Cyber Crime Investigation, Investigation Tools, eDiscovery, Digital Evidence Collection, Evidence Preservation, E-Mail Investigation, E-Mail Tracking, IP Tracking, E-Mail Recovery, Hands on Case Studies, Encryption and Decryption Methods, Search and Seizure of Computers, Recovering Deleted Evidences, Password Cracking. | 9 | CO2, CO3
5 | Laws and Ethics, Digital Evidence Controls, Evidence Handling Procedures, Basics of Indian Evidence ACT IPC and CrPC, Electronic Communication Privacy ACT, Legal Policies. | 9 | CO5

TEXT BOOKS:

1. Bernadette H Schell, Clemens Martin, “Cybercrime”, ABC – CLIO Inc, California, 2004. “Understanding Forensics in IT”, NIIT Ltd, 2005.

2. Nelson Phillips and Enfinger Steuart, “Computer Forensics and Investigations”, Cengage Learning, New Delhi, 2009.

REFERENCE BOOKS:

1. Kevin Mandia, Chris Prosise, Matt Pepe, “Incident Response and Computer Forensics”, Tata McGraw-Hill, New Delhi, 2006.

2. Robert M Slade, “Software Forensics”, Tata McGraw-Hill, New Delhi, 2005.

CIE- Continuous Internal Evaluation (50 Marks)

Bloom’s Category | Tests (25 Marks) | Assignments (15 Marks) | Quizzes (10 Marks)
Remember | 5 | - | -
Understand | 10 | - | 5
Apply | 10 | 10 | 5
Analyze | - | 5 | -
Evaluate | - | - | -
Create | - | - | -

SEE- Semester End Examination (50 Marks)

Bloom’s Category Tests

Remember 10

Understand 20

Apply 20

Analyze -

Evaluate -

Create -

RESEARCH METHODOLOGY

Course Code: 19SFC15 Credits: 02

L: T: P: 2:0:0 CIE Marks: 25

Exam Hours: 03 SEE Marks: 25

COURSE OUTCOMES: at the end of the course, the students will be able to:

CO1 Understand the significance and suitability of research for various engineering applications.

CO2 Analyze the various processing techniques of research.

CO3 Understand the research in the development of engineering materials/process.

CO4 Analyze the properties/process of research through various techniques. Understanding that when IPR would take such important place in growth of individuals & nation

CO5 Evaluate the influence of design, analysis and testing of research.

CO6 Knowledge of Report writing


Mapping of Course outcomes to Program outcomes:

CO/PO PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12

CO1 3 2 2 2 1 1 1 1 1 1 1 2

CO2 3 2 2 2 1 1 1 1 1 1 1 2

CO3 2 2 2 2 3 1 1 1 1 1 1 2

CO4 2 2 2 2 3 1 1 1 1 1 1 2

CO5 2 2 3 2 1 3 1 1 1 1 1 2

CO6 3 3 2 2 2 1 1 1 1 1 1 1

Mapping of Course Outcomes to Program Outcomes:

CO/PSO PSO1 PSO2

CO1 3 2

CO2 3 2

CO3 3 1

CO4 3 2

CO5 3 1

CO6 3 2

Ratings: 3 for high, 2 for substantial, 1 for low.

Module No | Contents of Module | Hrs | Cos
1 | Meaning of Research: problem, Sources of research problem, Criteria Characteristics of a good research problem, Errors in selecting a research problem, Scope and objectives of research problem. Approaches of investigation of solutions for research problem, data collection, analysis, interpretation, Necessary instrumentations | 7 | CO1, CO2
2 | Research Design: Concept and Importance in Research – Features of a good research design, Exploratory Research Design, concept, types and uses, Descriptive Research Designs, concept, types and uses. Experimental Design: Concept of Independent & Dependent variables. Qualitative and Quantitative Research: Qualitative research, Quantitative research, Concept of measurement, causality, generalization, and replication. Merging the two approaches. | 7 | CO2
3 | Measurement: Concept of measurement, Problems in measurement in research, Validity and Reliability. Levels of measurement – Nominal, Ordinal, Interval, Ratio. Sampling: Concepts of Statistical Population, Sample, Sampling Frame, Sampling Error, Sample Size, Non Response. Characteristics of a good sample. Probability Sample – Simple Random Sample, Systematic Sample, Stratified Random Sample & Multi-stage sampling. Determining size of the sample – Practical considerations in sampling and sample size. | 7 | CO3
4 | Interpretation of Data and Paper Writing – Layout of a Research Paper, Journals in Computer Science, Impact factor of Journals, When and where to publish? Ethical issues related to publishing, Plagiarism and Self-Plagiarism. Nature of Intellectual Property: Patents, Designs, Trade and Copyright. Process of Patenting and Development: technological research, innovation, patenting, development. International Scenario: International cooperation on Intellectual Property. Procedure for grants of patents, Patenting under PCT. | 7 | CO4
5 | References: Encyclopedias, Research Guides, Handbook etc., Academic Databases for Computer Science Discipline. Use of tools / techniques for Research: methods to search required information effectively, Reference Management Software like Zotero/Mendeley, Software for paper formatting like LaTeX/MS Office, Software for detection of Plagiarism | 7 | CO5, CO6

Textbooks:

1. Garg, B.L., Karadia, R., Agarwal, F. and Agarwal, U.K., 2002. An introduction to Research Methodology, RBSA Publishers.

2. Kothari, C.R., 1990. Research Methodology: Methods and Techniques. 2016, New Age International. Fourth edition, ISBN-13: 978-9386649225

Reference Books:

1. Garg, B.L., Karadia, R., Agarwal, F. and Agarwal, U.K., 2002. An introduction to Research Methodology, RBSA Publishers.

2. Kothari, C.R., 1990. Research Methodology: Methods and Techniques. 2016, New Age International. Fourth edition, ISBN-13: 978-9386649225

3. Anderson, T. W., An Introduction to Multivariate Statistical Analysis, 2009, Wiley Eastern Pvt., Ltd., New Delhi, Wiley; Third edition, ISBN-13: 978-8126524488

4. Wayne Goddard and Stuart Melville, “Research Methodology: An Introduction”, Juta Academic; 2nd ed edition, 2001, ISBN-13: 978-0702156601

5. Robert P. Merges, Peter S. Menell, Mark A. Lemley, 2016, “Intellectual Property in New Technological Age”, Clause 8 Publishing, ISBN-13: 978-1945555015

ACCESS CONTROL AND IDENTITY MANAGEMENT SYSTEM

Course Code : 19SFC161 Credits : 04

L: T: P : 4:0:0 CIE Marks : 50

Exam Hours : 3 SEE Marks : 50

Course Outcomes: At the end of the Course, the Student will be able to:

CO1 Analyze to compute tasks with security contexts.

CO2 Categorize the identity management system into different classes.

CO3 Measure the different elements of Trust paradigms for various models.

CO4 Compare and contrast between Discretionary access model and Access Matrix Model.

CO5 Categorize all the active entities of a protection system.

CO6 Classify all the active entities of a protection system.

Mapping of Course Outcomes to Program Outcomes:

CO/PO PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12

CO1 3 3 2 2 1 - - - - - - 1

CO2 3 3 2 2 - - - - - - - 2

CO3 2 2 2 2 1 1 - - - - 1 3

CO4 3 3 3 3 1 - - - - - - 3

CO5 3 3 2 2 2 - 1 - - - - 3

CO6 3 3 2 2 1 - - 1 - - 2 3

Mapping of Course Outcomes to Program Outcomes:

CO/PSO PSO1 PSO2

CO1 3 2

CO2 2 1

CO3 2 2

CO4 3 1

CO5 2 2

CO6 3 2

Module No. | Module Contents | Hours | CO’s
1 | Access control: Introduction, Attenuation of privileges, Trust and Assurance, Confinement problem, Security design principles, Identity Management models, local, Network, federal, global web identity, XNS approach for global Web identity, Centralized enterprise level Identity Management. | 9 | CO1, CO2
2 | Elements of trust paradigms in computing, Third party approach to identity trust, Kerberos, Explicit third party authentication paradigm, PKI approach to trust establishment, Attribute certificates, Generalized web of trust models, Examples. | 9 | CO6
3 | Mandatory access control, comparing information flow in BLP and BIBA models, Combining the BLP and BIBA models, Chinese wall problem. | 9 | CO4
4 | Discretionary access control and Access matrix model, definitions, Safety problem, The take grant protection model, Schematic protection model, SPM rules and operations, Attenuating, Applications | 9 | CO2, CO3
5 | Role based access control, Hierarchical Access Control, Mapping of a mandatory policy to RBAC, Mapping discretionary control to RBAC, RBAC flow analysis, Separation of Duty in RBAC, RBAC consistency properties, The privileges perspective of separation of duties, Functional specification for RBAC. | 9 | CO5

TEXT BOOKS:

1. Messaoud Benantar, “Access Control Systems: Security, Identity Management and Trust Models”, Springer, 2009.

REFERENCE BOOKS:

1. Elena Ferrari and M. Tamer Özsu, “Access Control In Data Management Systems”, Morgan & Claypool Publishers, 2010.

CIE- Continuous Internal Evaluation (50 Marks)

Bloom’s Category | Tests (25 Marks) | Assignments (15 Marks) | Quizzes (10 Marks)
Remember | 5 | - | -
Understand | 5 | - | 5
Apply | 10 | 10 | 5
Analyze | 5 | 5 | -
Evaluate | - | - | -
Create | - | - | -

SEE- Semester End Examination (50 Marks)

Bloom’s Category Tests

Remember 10

Understand 10

Apply 20

Analyze 10

Evaluate -

Create -


CLOUD SECURITY

Course Code : 19SFC162 Credits : 04

L: T: P : 4:0:0 CIE Marks : 50

Exam Hours : 3 SEE Marks : 50

Course Outcomes: At the end of the Course, the Student will be able to:

CO1 Demonstrate the growth of Cloud computing, architecture and different modules of implementation.

CO2 Evaluate the different types of cloud solutions among IaaS, PaaS, SaaS.

CO3 Access the security implementation flow, actions and responsibilities of stake holders.

CO4 Generalize the Data Centre operations, encryption methods and deployment details.

CO5 Provide recommendations for using and managing the customer's identity and choose the type of virtualization to be used.

CO6 Summarize the need of cloud compliance and existing cloud solutions.

Mapping of Course Outcomes to Program Outcomes:

CO/PO PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12

CO1 3 2 2 2 2 2 2 2 1 1 1 1

CO2 3 2 2 2 2 2 2 2 1 1 1 2

CO3 2 2 2 2 2 2 2 2 1 1 1 3

CO4 3 2 2 2 2 2 2 2 1 1 1 3

CO5 3 2 2 2 2 2 2 2 1 1 1 3

CO6 3 2 2 2 2 2 2 2 1 1 1 3

Mapping of Course Outcomes to Program Outcomes:

CO/PSO PSO1 PSO2

CO1 3 3

CO2 2 1

CO3 2 1

CO4 3 1

CO5 2 2

CO6 3 2

Module

No. Module Contents Hours CO’s

1

Cloud Computing Architectural Framework: Cloud Benefits, Business scenarios, Cloud Computing Evolution, cloud vocabulary, Essential Characteristics of Cloud Computing, Cloud deployment models, Cloud Service Models, Multi-Tenancy, Approaches to create a barrier between the Tenants, cloud computing vendors, Cloud Computing threats, Cloud Reference Model, The Cloud Cube Model, Security for Cloud Computing, How Security Gets Integrated.

9 CO1

2

Compliance and Audit: Cloud customer responsibilities,

Compliance and Audit Security Recommendations.

Portability and Interoperability: Changing providers reasons,

Changing providers expectations, Recommendations all

cloud solutions, IaaS Cloud Solutions, PaaS Cloud Solutions,

SaaS Cloud Solutions.

9 CO2

3

Traditional Security, Business Continuity, Disaster Recovery,

Risk of insider abuse, Security baseline, Customers actions,

Contract, Documentation, Recovery Time Objectives (RTOs),

Customers responsibility, Vendor Security Process (VSP).

9 CO3

4

Data Center Operations: Data Center Operations, Security

challenge, Implement Five Principal Characteristics of Cloud

Computing, Data center Security Recommendations. Encryption

and Key Management: Encryption for Confidentiality and

Integrity, Encrypting data at rest, Key Management

Lifecycle, Cloud Encryption Standards, Recommendations.

9 CO4,

CO5

5

Identity and Access Management: Identity and Access

Management in the cloud, 8 Hours Identity and Access

Management functions, Identity and Access Management (IAM)

Model, Identity Federation, Identity Provisioning

Recommendations, Authentication for SaaS and PaaS customers,

Authentication for IaaS customers, Introducing Identity

Services, Enterprise Architecture with IDaaS, IDaaS Security

Recommendations. Virtualization: Hardware Virtualization,

Software Virtualization, Memory Virtualization, Storage

Virtualization, Data Virtualization, Network Virtualization,

Virtualization Security Recommendations.

9 CO6

TEXT BOOKS:

1. Tim Mather, Subra Kumaraswamy, Shahed Latif, “Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance”, O'Reilly Media, 2009.

REFERENCE BOOKS:

1. Vic (J.R.) Winkler, “Securing the Cloud: Cloud Computer Security Techniques and Tactics”, Syngress, April 2011.

CIE- Continuous Internal Evaluation (50 Marks)

Bloom’s Category    Tests (25 Marks)    Assignments (15 Marks)    Quizzes (10 Marks)
Remember            5                   -                         -
Understand          5                   -                         5
Apply               10                  10                        5
Analyze             5                   5                         -
Evaluate            -                   -                         -
Create              -                   -                         -

SEE- Semester End Examination (50 Marks)

Bloom’s Category Tests

Remember 10

Understand 10

Apply 20

Analyze 10

Evaluate -

Create -

ADVANCED CRYPTOGRAPHY

Course Code : 19SFC163 Credits : 04

L: T: P : 4:0:0 CIE Marks : 50

Exam Hours : 3 SEE Marks : 50

Course Outcomes: At the end of the Course, the Student will be able to:

CO1 Describe the concepts of principles and practice of cryptography and network security.

CO2 Demonstrate Feistel cipher, Distribution of Public Keys, digital signatures and

Authentication protocols.

CO3 Analyze the security of multiple encryption schemes and Triple DES.

CO4 Build secure authentication systems by use of message authentication techniques.

CO5 Summarize the concepts of principles and practice of visual cryptography.

CO6 Analyze the security of multiple encryption schemes and Triple DES.

Mapping of Course Outcomes to Program Outcomes:

CO/PO PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12

CO1 3 3 3 3 3 1 1 2 1 1 1 1

CO2 3 3 3 3 3 1 1 2 1 1 1 2

CO3 3 3 3 3 3 1 1 2 1 1 1 3

CO4 3 3 3 3 3 1 1 2 1 1 1 3

CO5 3 3 3 3 3 1 1 2 1 1 1 3

CO6 3 3 3 3 3 1 1 2 1 1 1 3

Mapping of Course Outcomes to Program Specific Outcomes (PSOs):

CO/PSO PSO1 PSO2

CO1 3 3

CO2 2 1

CO3 2 2

CO4 3 2

CO5 2 2

CO6 3 2

Module

No. Module Contents Hours CO’s

1

OSI security architecture: Classical encryption techniques, Cipher

principles, Data encryption standard, Block cipher design principles

and modes of operation, Evaluation criteria for AES, AES cipher,

Triple DES, Placement of encryption function, Traffic confidentiality.

9 CO1

2

Key management: Diffie Hellman key exchange, Elliptic curve

architecture and cryptography, Introduction to number theory,

Confidentiality using symmetric encryption, Public key cryptography

and RSA.

9 CO2

3

Authentication requirements: Authentication functions, Message authentication codes, Hash functions, Security of hash functions and MACs, MD5 Message Digest algorithm, Secure hash algorithm, RIPEMD, HMAC, digital signatures, Authentication protocols.

9 CO3, CO4

4

Quantum Cryptography and Quantum Teleportation: Heisenberg uncertainty principle, polarization states of photons, quantum cryptography using polarized photons, local vs. non-local interactions, entanglements, EPR paradox, Bell’s theorem, Bell basis, teleportation of a single qubit theory and experiments.

9 CO5

5

Future trends: Review of recent experimental achievements,

study on technological feasibility of a quantum computer

candidate physical systems and limitations imposed by noise.

9 CO6

TEXT BOOKS:

1. William Stallings, “Cryptography and Network Security: Principles and Practices”, 3rd Edition, Prentice Hall of India, 2003.

2. Atul Kahate, “Cryptography and Network Security”, Tata McGraw-Hill, 2003.

3. William Stallings, “Network Security Essentials: Applications and Standards”, Pearson Education Asia, 2000.

REFERENCE BOOKS:

1. R. P. Feynman, “Feynman Lectures on Computation”, Penguin Books, 1996.

2. Gennady P. Berman, Gary D. Doolen, Ronnie Mainieri & Vladimir I. Tsifrinovich, “Introduction to Quantum Computers”, World Scientific, Singapore, 1998.

3. Jonathan Katz, Yehuda Lindell, “Introduction to Modern Cryptography: Principles and Protocols”, CRC Press.

CIE- Continuous Internal Evaluation (50 Marks)

Bloom’s Category    Tests (25 Marks)    Assignments (15 Marks)    Quizzes (10 Marks)
Remember            5                   -                         -
Understand          5                   -                         5
Apply               10                  10                        5
Analyze             5                   5                         -
Evaluate            -                   -                         -
Create              -                   -                         -

SEE- Semester End Examination (50 Marks)

Bloom’s Category Tests

Remember 10

Understand 10

Apply 20

Analyze 10

Evaluate -

Create -

APPLICATION AND WEB SECURITY

Course Code : 19SFC164 Credits : 04

L: T: P : 4:0:0 CIE Marks : 50

Exam Hours : 3 SEE Marks : 50

Course Outcomes: At the end of the Course, the Student will be able to:

CO1 Achieve Knowledge of web application’s vulnerability and malicious attacks.

CO2 Understand the basic web technologies used for web application development

CO3 Understand the basic concepts of Mapping the application.

CO4 Able to illustrate different attacking illustrations

CO5 Illustrate different attacking illustrations.

CO6 Analyze Basic concepts of Attacking Data Stores.

Mapping of Course Outcomes to Program Outcomes:

CO/PO PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12

CO1 3 3 2 2 1 1 2 2 1 1 2 2

CO2 3 3 2 2 1 1 2 2 1 1 2 2

CO3 3 3 2 2 1 1 2 2 1 1 2 3

CO4 3 3 2 2 1 1 2 2 1 1 2 3

CO5 3 3 2 2 1 1 2 2 1 1 2 3

CO6 3 3 2 2 1 1 2 2 1 1 2 3

Mapping of Course Outcomes to Program Specific Outcomes (PSOs):

CO/PSO PSO1 PSO2

CO1 3 3

CO2 3 1

CO3 3 1

CO4 3 1

CO5 2 2

CO6 3 2

Module

No. Module Contents Hours CO’s

1

Web Application (In)security: The Evolution of Web Applications, Common Web Application Functions, Benefits of Web Applications, Web Application Security. Core Defense Mechanisms: Handling User Access Authentication, Session Management, Access Control, Handling User Input, Varieties of Input, Approaches to Input Handling, Boundary Validation. Multistep Validation and Canonicalization: Handling Attackers, Handling Errors, Maintaining Audit Logs, Alerting Administrators, Reacting to Attacks.

9 CO1

2

Web Application Technologies: The HTTP Protocol, HTTP

Requests, HTTP Responses, HTTP Methods, URLs, REST,

HTTP Headers, Cookies, Status Codes, HTTPS, HTTP Proxies,

HTTP Authentication, Web Functionality, Server-Side

Functionality, Client-Side Functionality, State and Sessions,

Encoding Schemes, URL Encoding, Unicode Encoding, HTML

Encoding, Base64 Encoding, Hex Encoding, Remoting and

Serialization Frameworks.

9 CO2

3

Mapping the Application: Enumerating Content and Functionality,

Web Spidering, User-Directed Spidering, Discovering Hidden

Content, Application Pages Versus Functional Paths, Discovering

Hidden Parameters, Analyzing the Application, Identifying Entry

Points for User Input, Identifying Server-Side Technologies,

Identifying Server-Side Functionality, Mapping the Attack Surface.

9 CO3

4

Attacking Authentication: Authentication Technologies, Design Flaws in Authentication Mechanisms, Bad Passwords, Brute-Forcible Login, Verbose Failure Messages, Vulnerable Transmission of Credentials, Password Change Functionality, Forgotten Password Functionality, “Remember Me” Functionality, User Impersonation Functionality, Incomplete Validation of Credentials, Nonunique Usernames, Predictable Usernames, Predictable Initial Passwords, Insecure Distribution of Credentials. Attacking Access Controls: Common Vulnerabilities, Completely Unprotected Functionality, Identifier-Based Functions, Multistage Functions, Static Files, Platform Misconfiguration, Insecure Access Control Methods.

9 CO4, CO5

5

Attacking Data Stores: Injecting into Interpreted Contexts, Bypassing a Login, Injecting into SQL, Exploiting a Basic Vulnerability, Injecting into Different Statement Types, Finding SQL Injection Bugs, Fingerprinting the Database, The UNION Operator, Extracting Useful Data, Extracting Data with UNION, Bypassing Filters, Second-Order SQL Injection, Advanced Exploitation, Beyond SQL Injection: Escalating the Database Attack, Using SQL Exploitation Tools, SQL Syntax and Error Reference, Preventing SQL Injection.

9 CO6

TEXT BOOKS:

1. Dafydd Stuttard, Marcus Pinto, “The Web Application Hacker's Handbook: Finding and Exploiting Security”, Wiley Publishing, Second Edition.

REFERENCE BOOKS:

1. Professional Pen Testing for Web Applications, Andres Andreu, Wrox Press.

2. Carlos Serrao, Vicente Aguilera, Fabio Cerullo, “Web Application Security”, Springer, 1st Edition.

3. Joel Scambray, Vincent Liu, Caleb Sima, “Hacking Exposed”, McGraw-Hill, 3rd Edition (October 2010).

4. O'Reilly, Web Security, Privacy and Commerce, 2nd Edition, 2011.

5. Software Security Theory Programming and Practice, Richard Sinn, Cengage Learning.

6. Database Security and Auditing, Hassan, Cengage Learning.

CIE- Continuous Internal Evaluation (50 Marks)

Bloom’s Category    Tests (25 Marks)    Assignments (15 Marks)    Quizzes (10 Marks)
Remember            5                   -                         -
Understand          5                   -                         5
Apply               10                  10                        5
Analyze             5                   5                         -
Evaluate            -                   -                         -
Create              -                   -                         -

SEE- Semester End Examination (50 Marks)

Bloom’s Category Tests

Remember 5

Understand 20

Apply 10

Analyze 5

Evaluate 10

Create -

ETHICAL HACKING LABORATORY

Course Code :19SFCL17 Credits : 02

L:T:P :0:0:2 CIE Marks : 25

Exam Hours :03 SEE Marks : 25

Course Outcomes: At the end of the Course, the Student will be able to do the following:

CO1 Learn aspects of security, importance of data gathering, foot printing and system hacking.

CO2 Learn tools and techniques to carry out a penetration testing.

CO3 How intruders escalate privileges?

CO4 Explain Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer

Overflows and Virus Creation.

CO5 Compare different types of hacking tools.

CO6 Apply the techniques for real world problems in the domain

Mapping of Course Outcomes to Program Outcomes:

CO/PO PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12

CO1 3 3 3 2 2 - - - 1 1 - 2

CO2 3 3 3 2 2 - - - 1 1 - 2

CO3 3 3 3 2 2 - - - 1 1 - 2

CO4 3 3 3 2 2 - - - 1 1 - 2

CO5 3 3 3 2 2 - - - 1 1 - 2

CO6 3 3 3 2 2 1 1 2

Mapping of Course Outcomes to Program Specific Outcomes (PSOs):

CO/PSO PSO1 PSO2

CO1 3 2

CO2 3 2

CO3 3 2

CO4 3 2

CO5 3 2

CO6 3 2

Experiment No. Experiment

1 Wireshark: Experiment to monitor live network capturing packets and analyzing over the live network.

2 LOIC: DoS attack using LOIC.

3 FTK: Bit level forensic analysis of evidential image and reporting the same.

4 Darkcomet: Develop a malware using Remote Access Tool Darkcomet to take a remote access over network.

5 HTTrack: Website mirroring using HTTrack and hosting on a local network.

6 XSS: Inject a client side script to a web application.

7 Emailtrackerpro: Email analysis involving header check, tracing the route. Also perform a check on a spam mail and non-spam mail.

Note:

For SEE Examination:

The student should demonstrate one experiment from the list above.

The examination will be conducted for 50 marks and scaled down to 25 marks.

Marks Distribution : Procedure write-up – 20%

Conduction – 60%

Viva – Voce – 20%

Change of the experiment is allowed only once and procedure write-up marks will be

considered as ‘0’

TEXT BOOKS:

1. Stuart McClure, Joel Scambray and George Kurtz, Hacking Exposed 7: Network Security Secrets & Solutions, Tata McGraw Hill Publishers, 2010.

2. Ben Smith and Brian Komar, Microsoft Windows Security Resource Kit, Prentice Hall of India, 2010.

REFERENCE BOOKS:

1. Stuart McClure, Joel Scambray and George Kurtz, “Hacking Exposed: Network Security Secrets & Solutions”, 5th Edition, Tata McGraw Hill Publishers, 2010.

2. Rafay Baloch, “A Beginners Guide to Ethical Hacking”.

3. Allen Harper, Shon Harris, Jonathan Ness, Chris Eagle, “Gray Hat Hacking: The Ethical Hackers Handbook”, 3rd Edition, McGraw-Hill Osborne Media, Paperback (January 27, 2011).

Assessment Pattern:

CIE- Continuous Internal Evaluation (25 Marks).

Bloom’s Category    Tests (25 Marks)
Remember            -
Understand          5
Apply               15
Analyze             5
Evaluate            -
Create              -

SEE- Semester End Examination (25 Marks).

Bloom’s Category    Questions (25 Marks)
Remember            -
Understand          5
Apply               15
Analyze             5
Evaluate            -
Create              -

NUMBER THEORY AND CRYPTOLOGY LAB

Course Code : 19SFCL18 Credits : 02

L:T:P : 0:0:2 CIE Marks : 25

Exam Hours : 03 SEE Marks : 25

Course Outcomes: At the end of the Course, the Student will be able to:

CO1 Understand the significance of cryptography to the modern world and the internet.

CO2 Understand the rationale behind block cipher design.

CO3 Perform the cryptanalysis of a simple block cipher.

CO4 Integrate cryptographic algorithms into software projects.

CO5 Solve elementary problems in number theory relating to cryptography.

CO6 Build on number theoretic basics to further their knowledge of advanced methods of cryptography.

Mapping of Course Outcomes to Program Outcomes

CO/PO PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12

CO1 3 3 3 2 - 1 2 1 3 2 1 2

CO2 3 3 3 2 - 1 2 1 3 2 1 2

CO3 3 3 3 2 - 1 2 1 3 2 1 2

CO4 3 3 3 2 - 1 2 1 3 2 1 2

CO5 3 3 3 2 - 1 2 1 3 2 1 2

CO6 3 3 3 2 - 1 2 1 3 2 1 2

Mapping of Course Outcomes to Program Specific Outcomes (PSOs):

CO/PSO PSO1 PSO2

CO1 3 2

CO2 3 2

CO3 3 2

CO4 3 2

CO5 3 2

CO6 3 2

Experiment No. Experiment

1 Implement the Chinese Remainder Theorem in Java.

2 Implement Fermat Primality Test Algorithm in Java.

3 Write a Java program to perform encryption and decryption using the following algorithms: a) Caesar Cipher b) Substitution Cipher c) Hill Cipher

4 Write a Java program to implement the DES algorithm logic.

5 Implement the Diffie-Hellman Key Exchange mechanism using HTML and JavaScript. Consider the end user as one of the parties (Alice) and the JavaScript application as the other party (Bob).

6 Write a Java program to implement the RSA Algorithm.

7 Calculate the message digest of a text using the SHA-1 algorithm in Java.

Note:

For SEE Examination:

The student should demonstrate one experiment from the list above.

The examination will be conducted for 50 marks and scaled down to 25 marks.

Marks Distribution : Procedure write-up – 20%

Conduction – 60%

Viva – Voce – 20%

Change of the experiment is allowed only once and procedure write-up marks will be

considered as ‘0’

TEXT BOOKS:

1. A Course in Number Theory and Cryptography, Neal Koblitz (Springer, 2006)

2. An Introduction to Mathematical Cryptography, Jill Pipher, Jeffrey Hoffstein, Joseph H. Silverman (Springer, 2008)

3. An Introduction to theory of numbers, Niven, Zuckerman and Montgomery (Wiley, 2006)

4. Elliptic curves: number theory and cryptography, Lawrence C. Washington (Chapman & Hall/CRC, 2003)

REFERENCE BOOKS:

1. An Introduction to Cryptography, R.A. Mollin (Chapman & Hall, 2001)

2. Rational Points on Elliptic Curves, Silverman and Tate (Springer 2005)

3. Guide to elliptic curve cryptography Hankerson, Menezes, Vanstone (Springer, 2004)

4. Elementary Number Theory, Jones and Jones (Springer, 1998)

Assessment Pattern:

CIE- Continuous Internal Evaluation (25 Marks).

Bloom’s Category    Tests (25 Marks)
Remember            -
Understand          5
Apply               10
Analyze             5
Evaluate            5
Create              -

SEE- Semester End Examination (25 Marks).

Bloom’s Category    Questions (25 Marks)
Remember            -
Understand          5
Apply               15
Analyze             5
Evaluate            -
Create              -

MINI PROJECT

Course Code : 19SFC19 Credits : 03

L:T:P : 0:0:3 CIE Marks : 50

Exam Hours : 03 SEE Marks : 50

The student will carry out a mini project relevant to the course. The project must be the development of an application (Hardware/Software). It is preferable if the project is based on mobile application development.

Conduction of Practical Examination:

The student shall prepare the report by including:

1. Define project (Problem Definition)

2. Prepare requirements document

3. Statement of work

4. Functional requirements

5. Software / Hardware requirements

6. Develop use cases

7. Research, analyze and evaluate existing learning materials on the application

8. Develop user interface and implement code

9. Prepare for final demo

SECOND SEMESTER

(SYLLABUS)

PRESERVING AND RECOVERING DIGITAL EVIDENCE

Course Code: 19SFC21 Credits: 04

L: T: P: 4:0:0 CIE Marks: 50

Exam Hours : 03 SEE Marks: 50

Course Outcomes: At the end of the Course, the Student will be able to:

CO1 Summarize Digital evidence and computer crime and Laws

CO2 Illustrate the Computer basics for digital investigators w.r.t Unix and Macintosh systems

CO3 Illustrate the Networks basics for digital investigators

CO4 Investigate computer intrusions and cyber stalking

CO5 Interpret the basic concepts of handling the digital crime scene and digital evidence examination guidelines

CO6 Analyze the Digital evidence in real time applications

Mapping of Course Outcomes to Program Outcomes:

CO/PO PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12

CO1 3 3 2 3 1 2 1 2 1 3 2 2

CO2 3 3 2 3 1 2 1 2 1 3 2 2

CO3 3 3 2 3 1 2 1 2 1 3 2 2

CO4 3 3 2 3 1 2 1 2 1 3 2 2

CO5 3 3 2 3 1 2 1 2 1 3 2 2

CO6 3 3 2 3 1 2 1 2 1 3 2 2

Course Syllabus

Module No. Contents of the Module Hours COs

1

Digital evidence and computer crime: history and terminology of computer crime investigation, technology and law, the investigative process, investigative reconstruction, modus operandi, motive and technology, digital evidence in the court room.

9 CO1

2

Computer basics for digital investigators: applying forensic science to computers, forensic examination of Windows systems, forensic examination of Unix systems, forensic examination of Macintosh systems, and forensic examination of handheld devices.

9 CO2

3

Networks basics for digital investigators: applying forensic science to networks, digital evidence on physical and datalink layers, digital evidence on network and transport layers, digital evidence on the Internet.

9 CO3, CO4

4

Investigating computer intrusions, investigating cyber stalking, digital evidence as alibi.

9 CO5

5

Handling the digital crime scene, digital evidence examination guidelines.

9 CO6

TEXT BOOKS:

1. Digital Evidence and Computer Crime: Forensic Science, Computers and Internet - Eoghan Casey, Elsevier Academic Press, Second Edition.

REFERENCE BOOKS:

1. Electronic Discovery and Digital Evidence in a Nutshell - Shira A. Scheindlin, Daniel J. Capra, The Sedona Conference, Academic Press, Third Edition (nowhere available).

2. Digital Forensics for Network, Internet, and Cloud Computing: A Forensic Evidence Guide for Moving Targets and Data – Terrence V. Lillard, Clint P. Garrison, Craig A. Schiller, James Steele, Syngress.

3. The Best Damn Cybercrime and Digital Forensics Book Period [Paperback], Jack Wiles, Anthony Reyes, Jesse Varsalone, Syngress Edition, 2007.

Assessment Pattern:

CIE- Continuous Internal Evaluation (50 Marks).

Bloom’s Category    Tests (25 Marks)    Assignments (15 Marks)    Quizzes (10 Marks)
Remember            5                   -                         -
Understand          5                   5                         -
Apply               5                   5                         10
Analyze             5                   5                         -
Evaluate            5                   -                         -
Create              -                   -                         -

SEE- Semester End Examination (50 Marks).

Bloom’s Category Questions (50 Marks)

Remember 10

Understand 10

Apply 10

Analyze 10

Evaluate 10

Create -

OPERATING SYSTEM SECURITY

Course Code : 19SFC22 Credits: 04

L: T: P : 4:0:0 CIE Marks: 50

Exam Hours : 3 SEE Marks: 50

Course Outcomes: At the end of the course the student will be able to:

CO1 Define fundamental concepts and mechanisms for enforcing security in OS.

CO2 Build a secure OS by exploring the early work in OS.

CO3 Illustrate formal security goals and variety of security models proposed for development of secure operating systems.

CO4 Describe architecture of various secure OS and retrofitting security feature on existing commercial OS's.

CO5 Analyze variety of approaches applied to the development & extension services for

securing operating systems.

CO6 Develop the security systems for real time applications

Mapping of Course Outcomes with Program Outcomes

CO/PO PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12

CO1 3 2 3 2 2 1 1 2 1 1 1 1

CO2 3 2 3 2 2 1 1 2 1 1 1 1

CO3 3 2 3 2 2 1 1 2 1 1 1 1

CO4 3 2 3 2 2 1 1 2 1 1 1 1

CO5 3 2 3 2 2 1 1 2 1 1 1 1

CO6 3 2 3 2 2 1 1 2 1 1 1 1

Mapping of Course Outcomes with Program Specific Outcomes

CO/PSO PSO1 PSO2

CO1 2 1

CO2 2 1

CO3 2 1

CO4 2 1

CO5 2 1

CO6 2 1

Module

No. Module Contents Hours CO’s

1 Introduction: Secure OS, Security Goals, Trust Model, Threat Model,

Access Control. Fundamentals: Protection system, Lampson’s Access

Matrix, Mandatory protection system.

9 CO1

2 Multics: Fundamentals, multics protection system models, multics

reference model, multics security, multics vulnerability analysis. 9 CO2

3

Security in ordinary operating system: UNIX security, Windows security. Verifiable security goals: Information flow, information flow secrecy models, information flow integrity model, the challenges of trusted process, covert channels.

9 CO3

4

Security Kernels: The Security Kernels, secure communications processor Scomp, Gemini secure OS, Securing commercial OS, Retrofitting security into a commercial OS, History of retrofitting commercial OS, Commercial era, microkernel era, UNIX era - IX, domain and type enforcement.

9 CO4

5

Case study: Solaris Trusted Extensions: trusted extensions access control, Solaris compatibility, trusted extensions mediation, process rights management, role based access control, trusted extensions networking, trusted extensions multilevel services, trusted extensions administration.

Case study: Building secure OS for Linux: Linux security modules, security enhanced Linux.

9 CO5, CO6

TEXT BOOKS:

1. Trent Jaeger, Operating System Security, Morgan & Claypool Publishers, 2008.

REFERENCES:

1. Michael Palmer, Guide to Operating System Security, Thomson.

2. Andrew S Tanenbaum, Modern Operating Systems, 3rd Edition.

3. Secure Operating Systems. John Mitchell. Multics-Orange Book-Claremont.

CIE - Continuous Internal Evaluation (50 Marks)

Bloom’s Taxonomy    Tests (25 Marks)    Assignments (15 Marks)    Quizzes (10 Marks)
Remember            -                   -                         -
Understand          10                  5                         5
Apply               10                  5                         5
Analyze             5                   5                         -
Evaluate            -                   -                         -
Create              -                   -                         -

SEE – Semester End Examination (50 marks)

Bloom’s Taxonomy    Tests
Remember            5
Understand          20
Apply               25
Analyze             -
Evaluate            -
Create              -

SECURED PROGRAMMING

Course Code :19SFC23 Credits : 04

L:P:T : 4:0:0 CIE Marks : 50

Exam Hours : 3 SEE Marks : 50

Course Outcomes: At the end of the Course, the Student will be able to:

CO1 How to respond to security alerts which identifies software issues

CO2 Identify possible security programming errors

CO3 Define methodology for security testing and use appropriate tools in its implementation

CO4 Apply new security-enhanced programming models and tools

CO5 Analyze the security issues in applications using programming techniques

CO6 Identify the attacks on the applications and analyze the root cause

Mapping of Course Outcomes to Program Outcomes:

CO/PO PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12

CO1 3 2 3 1 3 2 2 2 - - - 3

CO2 3 3 3 2 3 2 2 2 - - - 3

CO3 2 2 3 3 2 2 2 2 - - - 3

CO4 2 2 3 3 2 2 2 2 - - 1 3

CO5 3 1 3 3 3 2 2 2 1 1 1 3

CO6 2 2 3 2 2 2 2 2 3 1 2 3

Mapping of Course Outcomes to Program Specific Outcomes (PSOs):

CO/PSO PSO1 PSO2

CO1 3 1

CO2 3 1

CO3 3 2

CO4 3 2

CO5 3 2

CO6 3 2

Module

No. Module Contents Hours COs

1

Validating all input & Designing secure programs: Command line and environment variables, File descriptors, names and contents, Web based application inputs, Locale selection and character encoding, Filtering representable URIs, preventing cross site malicious input content, Forbidding HTTP Input to perform non-queries. Good security design principles: Securing the interface, separation of data and control. Minimize privileges: Granted, time, modules, resources etc, Using chroot, careful use of setuid/setgid, Safe default value and load initializations. Avoid race conditions.

9 CO1

2

Declarations and Initializations and Expressions: Declare objects

with appropriate storage durations, Identifier declaration with

conflict linkage classifications, Using correct syntax for declaring

flexible array member, Avoiding information leakage in structure

padding, Incompatible declarations of same function or object.

Dependence on evaluation order for side effects: Reading uninitialized

memory and dereferencing null pointers, Modifying objects with

temporary lifetime, Accessing variable through (pointer)

incompatible type, Modifying constant objects and comparing padding

data.

9

CO2

3

Integers and Floating Points: Wrapping of unsigned integers, Integer

conversions and misrepresented data, Integer overflow and divide by

zero errors, Shifting of negative numbers, Using correct integer

precisions, Pointer conversion to integer and vice versa. Floating point

values for counters: Domain and range errors in math functions,

Floating point conversions and preserving precision.

9

CO3

4

Arrays , Strings and Memory Management: Out of bounds subscripts

and valid length arrays, Comparing array pointers, Pointer arithmetic

for non-array object, scaled integer, Modifying string literals, Space

allocation for strings (Null terminator), Casting large integers as

unsigned chars, Narrow and wide character strings and functions.

Accessing freed memory: Freeing dynamically allocated memory,

Computing memory allocation for an object.

9 CO4

5

I/O, Signals and Error Handling: User input and format strings, Opening a pre-opened file, Performing device operations appropriate for files, Dealing with EOF, WEOF, Copying FILE object, Careful use of fgets, fgetws, getc, putc, putwc. Use of fsetpos and fgetpos, Accessing closed files.

9 CO5, CO6

TEXT BOOKS

1. Robert C. Seacord, “The CERT® C Coding Standard: 98 Rules for Developing Safe, Reliable, and Secure Systems, Second Edition”, Addison-Wesley Professional, April 2014.

2. David Wheeler, “Secure Programming for Linux and Unix HOWTO”, Linux Documentation Project, Aug 2004.

REFERENCES:

1. John Viega, Matt Messier, “Secure Programming Cookbook for C and C++”, O'Reilly Media, 1st Edition, July 2003.

CIE- Continuous Internal Evaluation (50 Marks)

Bloom’s Category    Tests (25 Marks)    Assignments (15 Marks)    Quizzes (10 Marks)
Remember            -                   -                         -
Understand          5                   -                         -
Apply               5                   -                         2.5
Analyze             5                   -                         2.5
Evaluate            5                   5                         -
Create              5                   5                         -

SEE- Semester End Examination (50 Marks)

Bloom’s Category Tests

Remember 5

Understand 15

Apply 20

Analyze 5

Evaluate 5

Create -

CYBER LAWS AND ETHICS

Course Code : 19SFC24 Credits: 04

L:P:T : 4:0:0 CIE Marks: 50

Exam Hours : 3 SEE Marks: 50

Course Outcomes: At the end of the Course, the Student will be able to:

CO1 Describe the Indian legal system, ITA 2000/2008, cyber security and related legal

issues.

CO2 Classify the Types of contract law, Digital signature, related legal issues, the Intellectual property rights, types of cyber properties, copyright law, patent and related legal issues, the types of cyber crimes and related legal issues

CO3 Interpret the cyber crime investigation and prosecution in depth

CO4 Apply the Cyber laws and to follow the ethics in the product development

CO5 Identify the Intellectual Property Rights for the concept developed

CO6 Analyze the cyber crime rate and effective measures to minimize it.

Mapping of Course Outcomes to Program Outcomes

PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12

CO1 3 2 2 2 - 1 1 1 1 2 1 1

CO2 3 2 2 2 - 1 1 1 1 2 1 1

CO3 3 2 2 2 - 1 1 1 1 2 1 1

CO4 3 2 2 2 - 1 1 1 1 2 1 1

CO5 3 2 2 2 - 1 1 1 1 2 1 1

CO6 3 2 2 2 - 1 1 1 1 2 1 1

Mapping of Course Outcomes to Program Specific Outcomes(PSOs):

CO/PSO PSO1 PSO2

CO1 3 2

CO2 3 2

CO3 3 2

CO4 3 2

CO5 3 2

CO6 3 2

Module

No Module Contents Hours COs

1

Introduction to Cyber Law and Cyber Ethics: Introduction to Cyber

Crimes and Ethical Issues in IT, Basic concepts of Law and Information

Security, overview Of Information Security obligations under ITA

2008, Privacy and data protection concepts.

9 CO1

2

Law of Contracts applicable for Cyber Space transactions: introduction to

Contract law, legal recognition of Electronic Documents,

Authentication of Electronic Documents, Cyber space contracts,

Resolution of Contractual disputes, stamping of Contractual document.

9 CO2

3

Intellectual Property Law for Cyber Space: Concept of Virtual assets, nature of Intellectual property, Trademarks and domain names, copyright law, law of patents.

9 CO3

4

Classification – civil, criminal cases. Essential elements of criminal law.

Constitution and hierarchy of criminal courts. Criminal Procedure Code.

Cognizable and non-cognizable offences. Bailable and non-bailable

offences. Sentences which the court of Chief Judicial Magistrate may

pass. Indian Evidence Act – Evidence and rules of relevancy in brief.

Expert witness. Cross examination and re-examination of witnesses.

Sections 32, 45, 46, 47, 57, 58, 60, 73, 135, 136, 137, 138, 141. Section

293 in the code of criminal procedure.

9 CO4

5

Miscellaneous Issues in Cyber Crimes and Cyber Security: Cyber

Crime Investigation and Prosecution, Digital evidence and Cyber

forensics, Jurisdiction issues, Information Security Management in

corporate Sector.

9 CO5

CO6

TEXT BOOKS:

1. Cyber Laws for Engineers, Naavi, Ujvala Consultants Pvt Ltd, 2010.

REFERENCES:

1. Deborah G Johnson, Computer Ethics, Pearson Education Pub., ISBN: 81-7758-593-2.

2. Ernest A. Kallman, J.P Grillo, Ethical Decision Making and Information Technology: An Introduction with Cases, McGraw Hill Pub.

3. John W. Rittinghouse, William M. Hancock, Cyber Security Operations Handbook, Elsevier Pub.

4. Michael E. Whitman, Herbert J. Mattord, Principles of Information Security, 2nd Edition, Cengage Learning Pub.

5. Randy Weaver, Dawn Weaver, Network Infrastructure Security, Cengage Learning Pub.

CIE - Continuous Internal Evaluation (50 Marks)

Bloom’s Taxonomy Tests (25 Marks) Assignments (15 Marks) Quizzes (10 Marks)

Remember 5 - -

Understand 5 - -

Apply 10 10 10

Analyze 5 - -

Evaluate - - -

Create - 5 -

SEE – Semester End Examination (50 marks)

Bloom’s Taxonomy Tests

Remember 5

Understand 10

Apply 15

Analyze 5

Evaluate 5

Create 10


BIOMETRIC SECURITY

Course Code : 19SFC251 Credits : 04

L: T: P : 4:0:0 CIE Marks : 50

Exam Hours : 3 SEE Marks : 50

Course Outcomes: At the end of the Course, the Student will be able to:

CO1 Illustrate the capability to select a suitable algorithm / system for a given application context

CO2 Illustrate data privacy principles and the impact on the design and configuration of biometric systems.

CO3 Visualize traditional and biometric systems.

CO4 Analyze different algorithms of biometric systems.

CO5 Compare strengths and weaknesses of different biometric systems.

CO6 Design multimodal biometric systems.

Mapping of Course Outcomes to Program Outcomes:

CO/PO PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12

CO1 3 3 2 2 2 1 1 - - - 1 1

CO2 3 3 2 2 2 1 1 - - - 1 2

CO3 3 2 2 2 2 1 1 - - - 2 3

CO4 3 3 2 3 2 1 1 - - - 1 3

CO5 3 3 2 2 2 1 1 - - - 1 1

CO6 3 3 2 2 2 1 1 1 - - 2 3

Mapping of Course Outcomes to Program Specific Outcomes (PSOs):

CO/PSO PSO1 PSO2

CO1 3 3

CO2 2 1

CO3 2 1

CO4 2 1

CO5 1 2

CO6 3 2

Module No. Module Contents Hours CO’s

1 Biometrics: Introduction, benefits of biometrics over traditional authentication systems, benefits of biometrics in identification systems, selecting a biometric for a system, Applications, Key biometric terms and processes, biometric matching methods, Accuracy in biometric systems. 9 CO1

2 Physiological Biometric Technologies: Fingerprints: Technical description, characteristics, Competing technologies, strengths, weaknesses, deployment. Facial scan: Technical description, characteristics, weaknesses, deployment. Iris scan: Technical description, characteristics, strengths, weaknesses, deployment. Retina vascular pattern: Technical description, characteristics, strengths, weaknesses, deployment. Hand scan: Technical description, characteristics, strengths, weaknesses, deployment, DNA biometrics. 9 CO2, CO3

3 Behavioral Biometric Technologies: Handprint Biometrics, DNA Biometrics, signature and handwriting technology, Technical description, classification, keyboard / keystroke Dynamics, Voice, data acquisition, feature extraction, characteristics, strengths, weaknesses, deployment. 9 CO4

4 Multi biometrics: Multi biometrics and multi factor biometrics, two-factor authentication with passwords, tickets and tokens, executive decision, implementation plan. 9 CO5

5 Case studies on Physiological, Behavioral and multifactor biometrics in identification systems. 9 CO6

TEXT BOOKS:

1. Samir Nanavati, Michael Thieme, and Raj Nanavati, Biometrics – Identity Verification in a Networked World, Wiley Eastern, 2002.

2. John Chirillo and Scott Blaul, Implementing Biometric Security, Wiley Eastern Publications, 2005.

REFERENCE BOOKS:

1. John Berger, Biometrics for Network Security, Prentice Hall, 2004.

CIE- Continuous Internal Evaluation (50 Marks)

Bloom’s Category Tests (25 Marks) Assignments (15 Marks) Quizzes (10 Marks)

Remember 5 - -

Understand 5 - 5

Apply 10 10 5

Analyze 5 5 -

Evaluate - - -

Create - - -

SEE- Semester End Examination (50 Marks)

Bloom’s Category Tests

Remember 10


Understand 10

Apply 20

Analyze 10

Evaluate -

Create -

TRUST MANAGEMENT IN E-COMMERCE

Course Code : 19SF252 Credits : 04

L: T: P : 4:0:0 CIE Marks : 50

Exam Hours : 3 SEE Marks : 50

Course Outcomes: At the end of the Course, the Student will be able to:

CO1 Illustrate technologies & tools for E-Commerce with emphasis on Security

CO2 Identify best techniques & practices for different types of legacy & partner requirements

CO3 Analyze and explain the issues, risks and challenges in inter-organizational trust in E-Commerce

CO4 Describe the Trusted platforms for organizations and individuals

CO5 Illustrate the Key components and Trust mechanisms of trusted computing platform.

CO6 Describe the Trusted platforms for organizations and individuals

Mapping of Course Outcomes to Program Outcomes:

CO/PO PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12

CO1 3 2 2 2 1 - - 3 - - 1 1

CO2 3 2 2 2 1 - - 3 - - 1 2

CO3 2 2 2 2 1 - - 3 - - 1 3

CO4 3 3 3 3 1 - - 3 - - 1 3

CO5 3 2 2 2 2 - - 3 - - 1 3

CO6 3 2 2 2 1 - - 3 - - 1 3

Mapping of Course Outcomes to Program Specific Outcomes (PSOs):

CO/PSO PSO1 PSO2

CO1 3 3

CO2 2 1

CO3 2 1

CO4 3 1

CO5 2 2

CO6 3 2

Module No. Module Contents Hours CO’s

1 Introduction to E-Commerce: Network and E-Commerce, Types of E-Commerce. Ecommerce Business Models: B2C, B2B, C2C, P2P and M-commerce business models. Ecommerce Payment systems: Types of payment system, Credit card E-Commerce transactions, B2C E-Commerce Digital payment systems, B2B payment system. 9 CO

2 Security and Encryption: E-Commerce Security Environment, Security threats in Ecommerce environment, Policies, Procedures and Laws. 9 CO2

3 Inter-organizational trust in E-Commerce: Need, Trading partner trust, Perceived benefits and risks of E-Commerce, Technology trust mechanism in E-Commerce, Perspectives of organizational, economic and political theories of inter-organizational trust, Conceptual model of inter-organizational trust in E-Commerce participation. 9 CO3

4 Introduction to trusted computing platform: Overview, Usage Scenarios, Key components of trusted platform, Trust mechanisms in a trusted platform. 9 CO4, CO5

5 Trusted platforms for organizations and individuals: Trust models and the E-Commerce domain. 9 CO6

TEXT BOOKS:

1. Kenneth C. Laudon and Carol Guercio Traver, Study Guide to E-Commerce Business Technology Society, Pearson Education, 2005.

2. Pauline Ratnasingam, Inter-Organizational Trust for Business-to-Business E-Commerce, IRM Press, 2005.

REFERENCE BOOKS:

1. Siani Pearson, et al, Trusted Computing Platforms: TCPA Technology in Context, Prentice Hall PTR, 2002.

CIE- Continuous Internal Evaluation (50 Marks)

Bloom’s Category Tests (25 Marks) Assignments (15 Marks) Quizzes (10 Marks)

Remember 5 - -

Understand 5 - 5

Apply 10 10 5

Analyze 5 5 -

Evaluate - - -

Create - - -

SEE- Semester End Examination (50 Marks)

Bloom’s Category Tests

Remember 10


Understand 10

Apply 20

Analyze 10

Evaluate -

Create -

INFORMATION SECURITY POLICIES IN INDUSTRY

Course Code : 19SFC253 Credits : 04

L: T: P : 4:0:0 CIE Marks : 50

Exam Hours : 3 SEE Marks : 50

Course Outcomes: At the end of the Course, the Student will be able to:

CO1 Illustrate the differences between the organization’s general information security policy and the needs and objectives of the various issue-specific and system-specific policies the organization will create.

CO2 Interpret how an organization institutionalizes its policies, standards, and practices using education, training and awareness programs.

CO3 Illustrate the threats to stored data or data in transit and be able to write a policy document

CO4 Be able to write a policy document for securing network connections and interfaces.

CO5 Describe the content, need, and responsibilities of information security policies.

CO6 Become familiar with what viable information security architecture is, what it includes, and how it is used

Mapping of Course Outcomes to Program Outcomes:

CO/PO PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12

CO1 3 2 2 2 1 - - 2 - - 1 1

CO2 3 2 2 2 1 - - 2 - - 1 2

CO3 2 2 2 2 1 1 - 2 - - 1 3

CO4 3 3 3 3 1 - - 2 - - 1 3

CO5 3 2 2 2 2 - 1 2 - - 1 3

CO6 3 2 2 2 1 - - 2 - - 1 3

Mapping of Course Outcomes to Program Specific Outcomes (PSOs):

CO/PSO PSO1 PSO2

CO1 3 3

CO2 2 1

CO3 2 1

CO4 3 1

CO5 2 2

CO6 3 2


Module No. Module Contents Hours CO’s

1 Introduction to Information Security Policies: About Policies, why Policies are Important, When policies should be developed, How Policy should be developed, Policy needs, Identify what and from whom it is being protected, Data security consideration, Backups, Archival storage and disposal of data, Intellectual Property rights and Policies, Incident Response and Forensics, Management Responsibilities, Role of Information Security Department, Security Management and Law Enforcement, Security awareness training and support. 9 CO

2 Policy Definitions, Standards, Guidelines, Procedures with examples, Policy Key elements, Policy format and Basic Policy Components, Policy content considerations, Program Policy Examples, Business Goal Vs Security Goals, Computer Security Objectives, Mission statement Format, Examples, Key roles in Organization, Business Objectives, Standards: International Standards. 9 CO2

3 Writing The Security Policies: Computer location and Facility construction, Contingency Planning, Periodic System and Network Configuration Audits, Authentication and Network Security, Addressing and Architecture, Access Control, Login Security, Passwords, User Interface, Telecommuting and Remote Access, Internet Security Policies, Administrative and User Responsibilities, WWW Policies, Application Responsibilities, E-mail Security Policies. 9 CO3

4 Establishing Type of Viruses Protection: Rules for handling Third Party Software, User Involvement with Viruses, Legal Issues, Managing Encryption and Encrypted data, Key Generation considerations and Management, Software Development policies, Processes Testing and Documentation, Revision control and Configuration management, Third Party Development, Intellectual Property Issues. 9 CO4, CO5

5 Maintaining the Policies: Writing the AUP, User Login Responsibilities, Organization’s responsibilities and Disclosures, Compliance and Enforcement, Testing and Effectiveness of Policies, Publishing and Notification Requirements of the Policies, Monitoring, Controls and Remedies, Administrator Responsibility, Login Considerations, Reporting of security Problems, Policy Review Process, The Review Committee, Sample Corporate Policies, Sample Security Policies. 9 CO6

TEXT BOOKS:

1. Scott Barman, Writing Information Security Policies, Sams Publishing, 2002.

2. Thomas R. Peltier, Information Policies, Procedures and Standards, CRC Press, 2004.

REFERENCE BOOKS:

1. Thomas R Peltier, Justin Peltier, John Blackley, “Information Security Fundamentals”, Auerbach publications, CRC Press, 2005.

2. Harold F. Tipton and Micki Krause, “Information Security Management Handbook”, Auerbach publications, 5th Edition, 2005.

CIE- Continuous Internal Evaluation (50 Marks)

Bloom’s Category Tests (25 Marks) Assignments (15 Marks) Quizzes (10 Marks)

Remember - - -

Understand 5 - 5

Apply 10 10 5

Analyze 5 5 -

Evaluate 5 - -

Create - - -

SEE- Semester End Examination (50 Marks)

Bloom’s Category Tests

Remember -

Understand 10

Apply 20

Analyze 10

Evaluate 10

Create -

DATABASE SECURITY

Course Code : 19SFC254 Credits : 04

L: T: P : 4:0:0 CIE Marks : 50

Exam Hours : 3 SEE Marks : 50

Course Outcomes: At the end of the Course, the Student will be able to:

CO1 Fundamental security concepts and architectures that serve as building blocks to database security

CO2 Operational components necessary to maximize database security using various security models

CO3 Carry out a risk analysis for a large database

CO4 Implement identification and authentication procedures, fine-grained access control and data encryption techniques

CO5 Implement identification and authentication procedures, fine-grained access control and data encryption techniques

CO6 Set up accounts with privileges and roles

Mapping of Course Outcomes to Program Outcomes:

CO/PO PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12

CO1 3 2 2 2 1 - - - - - 1 1

CO2 3 2 2 2 - - - - - - 1 2

CO3 2 2 2 2 1 1 - - - - 1 3

CO4 3 3 3 3 1 - - - - - 1 3

CO5 3 2 2 2 2 - 1 - - - 1 3

CO6 3 2 2 2 1 - - 1 - - 1 3

Mapping of Course Outcomes to Program Specific Outcomes (PSOs):

CO/PSO PSO1 PSO2

CO1 3 3

CO2 2 1

CO3 2 1

CO4 3 1

CO5 2 2

CO6 3 2

Module No. Module Contents Hours CO’s

1 Introduction: Introduction to Databases, Security Problems in Databases, Security Controls, Conclusions. Security Models 1: Introduction, Access Matrix Model, Take-Grant Model, Acten Model, PN Model, Hartson and Hsiao's Model, Fernandez's Model, Bussolati and Martella's Model for Distributed databases. 9 CO

2 Security Models 2: Bell and LaPadula's Model, Biba's Model, Dion's Model, Sea View Model, Jajodia and Sandhu's Model, The Lattice Model for the Flow Control, Conclusion. Security Mechanisms: Introduction, User Identification/Authentication, Memory Protection, Resource Protection, Control Flow Mechanisms, Isolation, Security Functionalities in Some Operating Systems, Trusted Computer System, Evaluation Criteria. 9 CO2

3 Security Software Design: Introduction, A Methodological Approach to Security, Software Design, Secure Operating System Design, Secure DBMS Design, Security Packages, Database Security Design. 9 CO3

4 Statistical Database Protection & Intrusion Detection Systems: Introduction, Statistics, Concepts and Definitions, Types of Attacks, Inference Controls, evaluation Criteria for Control Comparison, Introduction IDES System, RETISS System, ASES System Discovery. 9 CO4, CO5

5 Models For The Protection Of New Generation Database Systems 1: Introduction, A Model for the Protection of Frame Based Systems, A Model for the Protection of Object-Oriented Systems, SORION Model for the Protection of Object-Oriented Databases. Models For The Protection Of New Generation Database Systems 2: A Model for the Protection of New Generation Database Systems, the Orion Model, Jajodia and Kogan's Model, A Model for the Protection of Active Databases, Conclusions. 9 CO6

TEXT BOOKS:

1. Database Security and Auditing, Hassan A. Afyouni, India Edition, CENGAGE Learning, 2009.

2. Database Security, Castano, Second edition, Pearson Education.

REFERENCE BOOKS:

1. Database security by Alfred Basta, Melissa Zgola, CENGAGE learning.

CIE- Continuous Internal Evaluation (50 Marks)

Bloom’s Category Tests (25 Marks) Assignments (15 Marks) Quizzes (10 Marks)

Remember 5 - -

Understand 5 - 5

Apply 5 5 5

Analyze 5 5 -

Evaluate 5 - -

Create - 5 -

SEE- Semester End Examination (50 Marks)

Bloom’s Category Tests

Remember 10

Understand 10

Apply 10

Analyze 10

Evaluate 10


Create -

SEMINAR

Course Code :19SFC26 Credits : 02

L:T:P :0:0:2 CIE Marks : 25

Exam Hours : 03 SEE Marks : 25

1. Identify a recent IEEE base paper and formulate the framework for future enhancement; it should be approved by the PG committee.

2. Minimum 3 reviews to be conducted by the PG committee.

3. Report on work carried out for the seminar.

4. CIE marks shall be awarded by a committee comprising the HoD as Chairman, Guide/co-guide, if any, and a senior faculty member of the department. Participation in the seminar by all postgraduate students of the same and other semesters of the programme shall be mandatory.

5. The CIE marks awarded for Technical Seminar shall be based on the evaluation of Seminar Report, Presentation skill and Question and Answer session in the ratio 50:25:25.

MINI PROJECT

Course Code :19SFC27 Credits : 03

L:T:P :0:0:3 CIE Marks : 50

Exam Hours : 03 SEE Marks : 50

The student will carry out a mini project relevant to the course. The project must be the development of an application (Hardware/Software).

Conduction of Practical Examination:

The student shall prepare the report by including:

1. Define project (Problem Definition)

2. Prepare requirements document

3. Statement of work

4. Functional requirements

5. Software / Hardware requirements

6. Develop use cases

7. Research, analyze and evaluate existing learning materials on the application

8. Develop user interface and implement code

9. Prepare for final demo


APPENDIX A

Outcome Based Education

Outcome-based education (OBE) is an educational theory that bases each part of an educational system around goals (outcomes). By the end of the educational experience each student should have achieved the goal. There is no specified style of teaching or assessment in OBE; instead classes, opportunities, and assessments should all help students achieve the specified outcomes.

There are three educational Outcomes as defined by the National Board of Accreditation:

Program Educational Objectives: The Educational objectives of an engineering degree program are the statements that describe the expected achievements of graduates in their career and also in particular what the graduates are expected to perform and achieve during the first few years after graduation. [nbaindia.org]

Program Outcomes: What the student would demonstrate upon graduation. Graduate attributes are separately listed in Appendix C.

Course Outcome: The specific outcome/s of each course/subject that is a part of the program curriculum. Each subject/course is expected to have a set of Course Outcomes.

Mapping of Outcomes


APPENDIX B

The Graduate Attributes of NBA

Engineering knowledge: Apply the knowledge of mathematics, science, engineering fundamentals, and an engineering specialisation to the solution of complex engineering problems.

Problem analysis: Identify, formulate, research literature, and analyse complex engineering problems reaching substantiated conclusions using first principles of mathematics, natural sciences, and engineering sciences.

Design/development of solutions: Design solutions for complex engineering problems and design system components or processes that meet the specified needs with appropriate consideration for the public health and safety, and the cultural, societal, and environmental considerations.

Conduct investigations of complex problems: The problems that cannot be solved by straight forward application of knowledge, theories and techniques applicable to the engineering discipline that may not have a unique solution. For example, a design problem can be solved in many ways and lead to multiple possible solutions that require consideration of appropriate constraints/requirements not explicitly given in the problem statement (like: cost, power requirement, durability, product life, etc.) which need to be defined (modeled) within appropriate mathematical framework that often require use of modern computational concepts and tools.

Modern tool usage: Create, select, and apply appropriate techniques, resources, and modern engineering and IT tools including prediction and modelling to complex engineering activities with an understanding of the limitations.

The engineer and society: Apply reasoning informed by the contextual knowledge to assess societal, health, safety, legal, and cultural issues and the consequent responsibilities relevant to the professional engineering practice.

Environment and sustainability: Understand the impact of the professional engineering solutions in societal and environmental contexts, and demonstrate the knowledge of, and need for sustainable development.

Ethics: Apply ethical principles and commit to professional ethics and responsibilities and norms of the engineering practice.

Individual and team work: Function effectively as an individual, and as a member or leader in diverse teams, and in multidisciplinary settings.

Communication: Communicate effectively on complex engineering activities with the engineering community and with society at large, such as, being able to comprehend and write effective reports and design documentation, make effective presentations, and give and receive clear instructions.

Project management and finance: Demonstrate knowledge and understanding of the engineering and management principles and apply these to one’s own work, as a member and leader in a team, to manage projects and in multidisciplinary environments.

Life-long learning: Recognise the need for, and have the preparation and ability to engage in independent and life-long learning in the broadest context of technological change.


APPENDIX C

BLOOM’S TAXONOMY

Bloom’s taxonomy is a classification system used to define and distinguish different levels of

human cognition—i.e., thinking, learning, and understanding. Educators have typically used

Bloom’s taxonomy to inform or guide the development of assessments (tests and other

evaluations of student learning), curriculum (units, lessons, projects, and other learning

activities), and instructional methods such as questioning strategies.